Force password submit on Google even when the user is already connected

knightq commented 1 year ago

I want to force the password re-submission every time a user tries to login through a Google OAuth2 roundtrip. The problem is that if the account is already connected, it won't ask the user to type the password again.

I've tried to change the prompt option to consent, as I thought this was the way to achieve this desired behaviour, but it didn't work: it asks for the password only when the user is not yet connected (authenticated) in the Google account.

Is there a way to force the password resubmission on Google every time, regardless of whether it is already authenticated or not?

Thank you!

My current configurtion

  provider(
    :google_oauth2,
    ENV.fetch('GOOGLE_OAUTH_CLIENT_ID'),
    ENV.fetch('GOOGLE_OAUTH_CLIENT_SECRET'),
    access_type: 'online',
    redirect_uri: "#{ENV.fetch('MY_HOST')}/auth/google_oauth2/callback",
    scope: 'email',
    prompt: 'select_account consent',
    image_aspect_ratio: 'square',
    image_size: 50
  )

GeorgeHaddad0 commented 1 year ago

Hi, I am facing the same problem. Could someone please confirm that there is no way to make this right now and if this something that could be later ?

zquestz commented 1 year ago

Unfortunately no option to do this.

zquestz / omniauth-google-oauth2

Force password submit on Google even when the user is already connected #436

My current configurtion